Jump to content

FBI Warns of Cyber Attacks Targeting US Automotive Industry


Recommended Posts

The U.S. Federal Bureau of Investigation (FBI) Cyber Division warned private industry partners of incoming cyberattacks against the US automotive industry targeting sensitive corporate and enterprise data.




The Private Industry Notification (PIN) detailing this alert was seen by BleepingComputer after it was issued to partners by the FBI on November 19, 2019.


"The FBI has observed incidents since late 2018 in which unidentified cyber actors have increasingly targeted the automotive industry with cyberattacks to obtain sensitive customer data, network account passwords, and internal enterprise network details," the agency says in the PIN.


"The FBI assesses the automotive industry likely will face a wide-range of cyber threats and malicious activity in the near future as the vast amount of data collected by Internet-connected vehicles and autonomous vehicles become a highly valued target for nation-state and financially-motivated actors."

Financially motivated and state-backed actors taking on more targets

The automotive industry is facing an increased barrage of incoming malicious attacks and threats according to the FBI seeing that the wide range and large quantity of information it collects becomes progressively more valuable for threat actors.


Extensive amounts and varied types of information gets collected daily from autonomous and Internet-connected vehicles, and the servers it's stored will allow potential attackers to get their hands on the huge trove of data via phishing and brute-force attacks.


However, besides the bad actors getting away scot-free with sensitive data, the automotive industry is also facing other types of threats, including but not limited to data destruction following ransomware attacks and persistent unauthorized access to their enterprise networks.


The agency says that phishing and brute-force attacks against automotive industry entities from the U.S. have already successfully compromised several organizations and companies during 2019, as CNN also reported.

Previous attacks and recommendations

To exemplify the dangers lurking in the shadows and eyeing unprepared automotive orgs, the FBI also listed a handful of previous attacks that it was able to detect and observe during 2019:

• In 2019, unknown cyber actors conducted a brute force attack against a company’s web-facing employee login application. Cyber actors compromised logins of several accounts to access sensitive data.
• In 2019, unidentified cyber actors exploited unpatched operating software vulnerabilities of an organization comprised of multiple office locations and extracted login passwords. The exfiltrated passwords were later used to log into employee accounts on the company’s network to access sensitive data.
• In 2019, several automotive company recipients received phishing emails with malicious attachments. Some recipients opened the attachment which enabled macros to run and allowed the cyber actor to gain access and move laterally through the enterprise and exfiltrate sensitive data.
• In 2019, unidentified cyber actors gained unauthorized access to employee emails of multiple companies in the automotive industry. Cyber actors created mailbox rules to auto-forward sensitive company communications to non-company email addresses. Cyber actors also gained unauthorized access to email accounts with administrator privileges and conducted fraudulent wire-transfers resulting in financial loss.
• Over the course of late 2018 to 2019, several companies in the automotive industry fell victim to both an unidentified ransomware variant and the Ryuk ransomware. The ransomware attacks encrypted data and network servers which impacted the companies’ daily operations. One company paid the ransom, but the attackers did not provide the decryption key; however, the company was partially successful in restoring most of its operations with backed-up data.

The FBI also provides some recommendations to automotive companies that want to successfully defend their assets against future cyber attacks.


Organizations are advised to always keep operating systems up to date to apply the latest security patches immediately after they're issued, and to use strong passwords, lockout policies, and multi-factor authentication (MFA) to defend against brute-force attacks and protect sensitive info and devices.


They are also recommended to back up their data as regularly as possible to prevent data loss following destructive malicious attacks, to protect databases with passwords, and to run an up-to-date anti-malware solution.


Employees should also be trained to spot malicious links and attachments delivered via malspam campaigns and alerted when any phishing attacks targeting the org are detected.


Additionally, any unusual employee activity such as logins coming from weird IP addresses never used before should be monitored to decrease the response time when dealing with an ongoing attack.

Past ransomware, e-skimming, and phishing warnings

The FBI also issued a number of warnings in the past to address incoming or ongoing cyber threats targeting the U.S. people, as well as small and medium-sized businesses (SMBs) and government agencies.


For instance, in late October, the agency released an advisory on how to build a digital defense against e-skimming, as well as to increase awareness on current e-skimming threats targeting both SMBs and gov't agencies that process online payments.


Earlier during October, the FBI's Internet Crime Complaint Center (IC3) published a public service announcement (PSA) on the increasing number of high-impact ransomware attacks targeting both public and private U.S. organizations.


Young people from all over the U.S. were also alerted on Twitter in July about sextortion campaigns while another PSA regarding TLS-secured websites being actively used on malicious phishing campaigns was published in June.



Link to comment
Share on other sites

  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

  • steven36


Popular Days

Top Posters In This Topic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...